Weekly Industry Round-up: Week of 1/25
Posted by hyperguard on January 29, 2010
Cloud: Security Doesn’t Matter (Or, In Cloud, Nobody Can Hear You Scream)
In this post, Chris Hoff says that it doesn’t matter how “secure” Cloud providers suggest they are, because in the long run it’s about how compliant they are. That’s what will determine the success of Cloud. Chris suggests that the core issue to tackle in Cloud is trust. Trust comprises Security, Control, Service Levels and Compliance. He says it is relatively easy to establish where we are today with the first three, but we will have to work harder to manage compliance.
Another Lesson from the IE Zero Day Attacks on Google: The Power of Whitelisting
Neil MacDonald discusses lessons learned from the recent breaches of Google’s infrastructure, which resulted from attacks on unknown vulnerabilities in Internet Explorer for which no patch was available. He focuses on application control/whitelisting and believes that whitelisting at the endpoints would have stopped these attacks. If Internet Explorer had an unknown vulnerability, was subject to a zero-day attack, and malicious code was dropped on the machine, the code wouldn’t be allowed to execute because it wasn’t on the approved list. Application control solutions provide straightforward and powerful protection. If code isn’t supposed to be running on a system, don’t let it run.
Low Hanging Fruit: Security Management
In this post, Mike Rothman discusses the discipline of security management. He stresses the importance of having a security program in place. When thinking about starting a program, make sure to define success, communication and accountability. He also suggests reviewing your incident response plan and monitoring everything so that you can react faster. In particular, monitor logging, change detection and network behavioral analysis. Identifying your priorities and having a strong security program will make it easier to determine what you need to be working on.